COMMAND

JRun sourcecode disclosure

SYSTEMS AFFECTED

JRun 4.0 on Windows 2000 Server

PROBLEM

In the advisory [BUG-ID: 2002026] by Peter Gründl [pgrundl@kpmg.dk] of KPMG Denmark:

There are several strings that can be attached to a legitimate request to fool the webserver into serving up the unparsed .jsp file.

The problem is with the handling of null characters in the request string, and one way to trigger it is to append a unicoded null to the valid request string.

SOLUTION

Read the vendor's advisory to determine which patch you need:

http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
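
One way to look for the request pattern described under PROBLEM in web server access logs, as an added example that is not part of the advisory or of any vendor tooling. It assumes Common Log Format entries; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# %uXXXX escapes are not understood by urllib, so they are decoded separately.
_PCT_U = re.compile(r"%u([0-9a-fA-F]{4})")
# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
_REQ = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def decode_target(target, max_rounds=3):
    """Undo %XX and %uXXXX escaping repeatedly so double-encoded input is seen."""
    for _ in range(max_rounds):
        step = _PCT_U.sub(lambda m: chr(int(m.group(1), 16)), target)
        step = unquote(step, encoding="latin-1")
        if step == target:
            break
        target = step
    return target


def has_encoded_null(target):
    """True if the request target contains a null character once decoded."""
    return "\x00" in decode_target(target)


def flag_log_lines(lines):
    """Return the request targets of log lines that carry an encoded null."""
    hits = []
    for line in lines:
        match = _REQ.search(line)
        if match and has_encoded_null(match.group(1)):
            hits.append(match.group(1))
    return hits


# Constructed sample entries (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2002:10:00:00 +0000] "GET /index.jsp HTTP/1.0" 200 5120',
    '192.0.2.11 - - [01/Jan/2002:10:00:05 +0000] "GET /index.jsp%00 HTTP/1.0" 200 812',
    '192.0.2.11 - - [01/Jan/2002:10:00:09 +0000] "GET /login.jsp%u0000 HTTP/1.0" 200 640',
    '192.0.2.12 - - [01/Jan/2002:10:01:00 +0000] "GET /search.jsp?q=100%25 HTTP/1.0" 200 90',
]

if __name__ == "__main__":
    for target in flag_log_lines(SAMPLE_LOG):
        print("encoded null in request:", target)
```

The same check can be applied in a request filter in front of the application server to reject such requests until the vendor patch is installed.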